Updates asset_filter for terraform policies to include terraform-hcl (#…

…113) This PR updates Terraform policies to include `terraform-hcl` to prepare for mondoohq/cnquery#861. This change is backwards compatible for older clients Signed-off-by: Scott Ford <[email protected]>
mondoohq · Jan 31, 2023 · 22942d9 · 22942d9
1 parent ee9b601
commit 22942d9
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 12 deletions.
diff --git a/core/mondoo-terraform-aws-security.mql.yaml b/core/mondoo-terraform-aws-security.mql.yaml
@@ -35,14 +35,14 @@ policies:
       - title: AWS General 
         asset_filter:
           query: |
-            platform.name == "terraform"
+            platform.name == "terraform" || platform.name == "terraform-hcl"
             terraform.providers.one(nameLabel == "aws")
         scoring_queries:
           terraform-aws-security-no-static-credentials-in-providers: null 
       - title: Amazon API Gateway
         asset_filter:
           query: |
-            platform.name == "terraform"
+            platform.name == "terraform" || platform.name == "terraform-hcl"
             terraform.providers.one(nameLabel == "aws") 
         scoring_queries:
           terraform-aws-security-api-gw-cache-enabled-and-encrypted:
@@ -53,7 +53,7 @@ policies:
       - title: Amazon Elastic Compute Cloud (Amazon EC2)
         asset_filter:
           query: |
-            platform.name == "terraform"
+            platform.name == "terraform" || platform.name == "terraform-hcl"
             terraform.providers.one(nameLabel == "aws")
         scoring_queries:
           terraform-aws-security-ec2-ebs-encryption-by-default:
@@ -62,14 +62,14 @@ policies:
       - title: AWS Identity and Access Management (IAM)
         asset_filter:
           query: |
-            platform.name == "terraform"
+            platform.name == "terraform" || platform.name == "terraform-hcl"
             terraform.providers.one(nameLabel == "aws")
         scoring_queries:
           terraform-aws-security-iam-no-wildcards-policies:
       - title: Amazon Simple Storage Service (Amazon S3)
         asset_filter:
           query: |
-            platform.name == "terraform"
+            platform.name == "terraform" || platform.name == "terraform-hcl"
             terraform.providers.one(nameLabel == "aws")
         scoring_queries:
           terraform-aws-security-s3-bucket-versioning-enabled:
@@ -80,7 +80,7 @@ policies:
       - title: AWS Elastic Kubernetes Service (EKS) Security for Terraform
         asset_filter:
           query: |
-            platform.name == "terraform"
+            platform.name == "terraform" || platform.name == "terraform-hcl"
             terraform.providers.one(nameLabel == "aws")
         scoring_queries:
           terraform-aws-security-eks-encrypt-secrets:

diff --git a/core/mondoo-terraform-gcp-security.mql.yaml b/core/mondoo-terraform-gcp-security.mql.yaml
@@ -35,14 +35,14 @@ policies:
       - title: GCP BigQuery
         asset_filter:
           query: |
-            platform.name == "terraform"
+            platform.name == "terraform" || platform.name == "terraform-hcl"
             terraform.providers.one( nameLabel == "google" )
         scoring_queries:
           terraform-gcp-security-bigquery-no-public-access: null
       - title: GCP Identity and Access Management (IAM)
         asset_filter:
           query: |
-            platform.name == "terraform"
+            platform.name == "terraform" || platform.name == "terraform-hcl"
             terraform.providers.one( nameLabel == "google" )
         scoring_queries:
           terraform-gcp-security-iam-no-folder-level-default-service-account-assignment: null
@@ -51,15 +51,15 @@ policies:
       - title: GCP Cloud Storage
         asset_filter:
           query: |
-            platform.name == "terraform"
+            platform.name == "terraform" || platform.name == "terraform-hcl"
             terraform.providers.one( nameLabel == "google" )
         scoring_queries:
           terraform-gcp-security-storage-no-public-access: null
           terraform-gcp-security-storage-enable-ubla: null
       - title: GCP Compute
         asset_filter:
           query: |
-            platform.name == "terraform"
+            platform.name == "terraform" || platform.name == "terraform-hcl"
             terraform.providers.one( nameLabel == "google" )
         scoring_queries:
           terraform-gcp-security-compute-no-public-ip: null
@@ -80,15 +80,15 @@ policies:
       - title: GCP DNS
         asset_filter:
           query: |
-            platform.name == "terraform"
+            platform.name == "terraform" || platform.name == "terraform-hcl"
             terraform.providers.one( nameLabel == "google" )
         scoring_queries:
           terraform-gcp-security-dns-enable-dnssec: null
           terraform-gcp-security-dns-no-rsa-sha1: null
       - title: GCP Google Kubernetes Engine (GKE)
         asset_filter:
           query: |
-            platform.name == "terraform"
+            platform.name == "terraform" || platform.name == "terraform-hcl"
             terraform.providers.one( nameLabel == "google" )
         scoring_queries:
           terraform-gcp-security-gke-enable-auto-repair: null